On Thu, 2 Sep 1999, Geoff Rehmet wrote:
How do OpenBSD do it?
They use arc4random(), to add a random increment.
And you do ISN = C + f(state) where C is a 250KHz counter and f is your
cut-down MD5? And state = {random secret, src addr, src port, dst addr,
dst port, ?}
I haven't had time to
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
PRNG - it's a more conservative design and uses primitives
like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for
network performance.
If it is
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
How do OpenBSD do it?
They use arc4random(), to add a random increment.
And you do ISN = C + f(state) where C is a 250KHz counter and f is your
cut-down MD5? And state = {random secret, src addr, src port, dst addr,
dst port, ?}
I haven't had time to
On Thu, 2 Sep 1999, Geoff Rehmet wrote:
I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
PRNG - it's a more conservative design and uses primitives
like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for
network performance.
If it is
After a bit of work on TCP sequence numbers, and generating initial
sequence numbers which are difficult to predict, I have put some
code together, which I belive makes the way in which FreeBSD
generates initial send sequence numbers more secure.
Problems with our existing scheme are that we
After a bit of work on TCP sequence numbers, and generating initial
sequence numbers which are difficult to predict, I have put some
code together, which I belive makes the way in which FreeBSD
generates initial send sequence numbers more secure.
Problems with our existing scheme are that we
On Wed, 1 Sep 1999, Geoff Rehmet wrote:
After a bit of work on TCP sequence numbers, and generating initial
sequence numbers which are difficult to predict, I have put some
code together, which I belive makes the way in which FreeBSD
generates initial send sequence numbers more secure.
How
I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
PRNG - it's a more conservative design and uses primitives like SHA-1 (for
yarrow-160). I don't know how much of an impact this would be for
network performance.
I will doing Yarrow-1.0A, once the IPSec stuff is around. I
How do OpenBSD do it?
They use arc4random(), to add a random increment.
Just curious whether you have a reference for doing this or
whether it was
an ad-hoc change. Playing with cryptographic algorithms isn't
usually a
good idea unless you're sure, as I'm sure you know.
Yup - dead
[ Geoff Rehmet ]
Another question that comes in to this is - how good a tool is nmap
for evaluating the predictability of the sequence numbers we generate?
Just a funny (?) aside - while playing about with nmap here a while back,
a colleague accidentally discovered that our Digital (or Compaq
[ Geoff Rehmet ]
Another question that comes in to this is - how good a tool is nmap
for evaluating the predictability of the sequence numbers we generate?
Just a funny (?) aside - while playing about with nmap here a while back,
a colleague accidentally discovered that our Digital (or Compaq
A topic that Mark and I have been discussing a little, is the
algorithms that FreeBSD uses for generating initial TCP sequence
numbers - that being with reference to the predictability of
these numbers. (Work on this has been somewhere in Mark's
todo list for a while.)
This topic raises a few
Another question that comes in to this is - how good a tool is nmap
for evaluating the predictability of the sequence numbers we generate?
Ideally, I would like to do some improvements to our sequence number
generation.
Thoughts?
What is OpenBSD like in this regard ?
AFAIR it has
A topic that Mark and I have been discussing a little, is the
algorithms that FreeBSD uses for generating initial TCP sequence
numbers - that being with reference to the predictability of
these numbers. (Work on this has been somewhere in Mark's
todo list for a while.)
This topic raises a few
Another question that comes in to this is - how good a tool is nmap
for evaluating the predictability of the sequence numbers we generate?
Ideally, I would like to do some improvements to our sequence number
generation.
Thoughts?
What is OpenBSD like in this regard ?
AFAIR it has various
15 matches
Mail list logo
